• Stars
    star
    448
  • Rank 97,523 (Top 2 %)
  • Language
    Go
  • License
    Other
  • Created over 10 years ago
  • Updated over 10 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

OpenSSL CVE-2014-0160 Heartbleed vulnerability test

Heartbleeder

Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed.

WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.

Pull requests welcome.

Usage

$ heartbleeder example.com
INSECURE - example.com:443 has the heartbeat extension enabled and is vulnerable

Multiple hosts

Multiple hosts may be monitored by setting -hostfile flag to a file with newline separated addresses. A web dashboard is available at http://localhost:5000 by default.

Testing PostgreSQL

Postgres uses OpenSSL in a slightly different way. To test whether a Postgres server is vulnerable, run the following (defaults to port 5432):

$ heartbleeder -pg example.com
SECURE - example:5432 does not have the heartbeat extension enabled

Installation

Binaries are available from gobuild.io.

Build from source by running go get -u github.com/titanous/heartbleeder, which will put the code in $GOPATH/src/github.com/titanous/heartbleeder and a binary at $GOPATH/bin/heartbleeder.

Requires Go version >= 1.2. On Ubuntu godeb is an easy way of getting the latest version of Go.

Credits

The TLS implementation was borrowed from the Go standard library.

More Repositories

1

yubikey

A Ruby library for verifying, decoding, decrypting and parsing Yubikey one-time passwords.
Ruby
138
star
2

homebrew-gnuradio

GNU Radio Formulae for Homebrew (unmaintained)
Ruby
110
star
3

tropo-voicemail

Voicemail for Hackers
Ruby
59
star
4

grpc-web-client

gRPC-Web client in Rust
Rust
51
star
5

json5

Go JSON5 decoder package based on encoding/json
Go
41
star
6

disable-webusb

Chrome extension that disables WebUSB
JavaScript
34
star
7

twilio-forwarder

Tiny app to forward phone calls, record voicemail, bridge SMS to email
Go
20
star
8

go-wireguard

WIP WireGuard implementation in Go
Go
14
star
9

disable-webbluetooth

Chrome extension that disables WebBluetooth
JavaScript
14
star
10

rocacheck

Go package that checks if RSA keys are vulnerable to ROCA / CVE-2017-15361
Go
13
star
11

a3

Asterisk-Adhearsion API; A Sinatra app that brings REST to Asterisk [shelved]
Ruby
10
star
12

screenshotplz

A simple web service for making PNGs out of URLs.
Ruby
9
star
13

pem-js

Javascript RSA Key PEM Encoder/Decoder [experiment]
JavaScript
8
star
14

eatsafe-api

API for the Ottawa EatSafe data
Ruby
7
star
15

docker-sshd

OpenSSH in an Ubuntu container with init/upstart
Shell
6
star
16

graphite-on-dotcloud

Graphite on dotCloud in five minutes or less.
Shell
6
star
17

vertebrae

A lightweight complement to Zepto.js and Backbone.js that adds view state management and transitions. [experiment]
JavaScript
6
star
18

noeq-rb

Ruby noeqd GUID client.
Ruby
5
star
19

graphql-fuzz

Go
5
star
20

octranspo-gps-wrapper

A node.js wrapper for the OC Transpo live GPS data (tracks user stats)
JavaScript
5
star
21

idiomag

wrapper for the idiomag api [abandoned]
Ruby
3
star
22

merb_prawn

A plugin for the Merb framework that provides PDF views using Prawn.
Ruby
3
star
23

sslverify

Handles SSL certificate verification in Ruby, so that you don't have to. [experiment]
Ruby
3
star
24

beam

A protocol and library for service-oriented communication, with an emphasis on real-world patterns, simplicity and not reinventing the wheel.
Go
3
star
25

twitter-stream-cli

A command line client for the Twitter Streaming API [experiment]
Ruby
3
star
26

openshift-rbenv-template

Template to run an Openshift DIY Cartridge with ruby 1.9.3 (rbenv) and god
Shell
3
star
27

strict-json

Strict JSON parsing based on the Go encoding/json package
Go
2
star
28

constantcrawl

A distributed real-time cache of the internet
2
star
29

microtext

Ruby
2
star
30

weap

Go
2
star
31

dh-announce-importer

A web app to import email lists into Dreamhost announcement lists [half-finished, never to be competed]
JavaScript
2
star
32

gist

Simple gist uploader
Go
2
star
33

whereismybus

Mobile OC Transpo schedules.
JavaScript
2
star
34

m

Go struct <-> SQL mapper
Go
2
star
35

swissbank

payment tokenization spec
2
star
36

hook

GitHub hook manager
Go
2
star
37

face-shield-strap-adapter

Adapter for using a smooth elastic strap with printed face shields
OpenSCAD
1
star
38

titanous.github.com

1
star
39

gocheck

Mirror of launchpad.net/gocheck
Go
1
star
40

tup-go

Go
1
star
41

caddy-tlsredirect

Go
1
star
42

docker-ubuntu

Ubuntu container with upstart
Shell
1
star
43

bconv

Go
1
star
44

babushka-deps

Ruby
1
star
45

s3rm

Go
1
star
46

libvirt-arp-bug

Go
1
star
47

go.xml

Go's XML package with a patch for namespaces
Go
1
star